CCA Release 2.54
Appendix C. CCA Control-Vector Definitions and Key Encryption
This appendix describes the following:
DES control-vector values (see footnote 1)
Specifying a control-vector-base value
Changing control vectors
CCA key encryption and decryption processes.
In the Common Cryptographic Architecture (CCA), a control vector is a non-secret
quantity that expresses permissible usages for an associated key. When a CCA
DES key is encrypted, the key-encrypting key is exclusive-ORed with the control
vector to form the actual key used in the DES key-encrypting process. This
technique allows the generator or introducer of a key to specify how the key is to
be distributed and used. Attacks can be mounted against a cryptographic system
when it is possible to use a key for other than its intended purpose. The CCA
control-vector key-typing scheme and the command authorization and control-vector
checking performed by a CCA node together provide an important defense against
misuse of keys and related attacks.
DES Control-Vector Values
The CCA key token includes the control vector and the encrypted key that the
control vector describes. The control vector is as long as the key, either 64 or 128
bits in length. The control vector is “coupled” to the key because it modifies the
key-encrypting key value used to encrypt the key found in the key token. See
“CCA DES Key Encryption and Decryption Processes” on page C-12.
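The coupling described above (the key-encrypting key is exclusive-ORed with the control vector, and the token carries the control vector next to the encrypted key) can be seen in the following added example, which is not code from the IBM manual. It assumes a single-length (64-bit) key, uses a small hash-based Feistel cipher as a stand-in for DES because the Python standard library has no DES, and all names and sample values are constructed for illustration.

```python
import hashlib

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("control vector must be as long as the key")
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (NOT DES; assumption for this demo).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def wrap(kek: bytes, cv: bytes, key: bytes) -> dict:
    # Token = control vector in the clear + key encrypted under (KEK xor CV).
    return {"cv": cv, "enc_key": toy_encrypt(xor(kek, cv), key)}

def unwrap(kek: bytes, token: dict) -> bytes:
    # The receiver rebuilds the same variant key from the CV found in the token.
    return toy_decrypt(xor(kek, token["cv"]), token["enc_key"])

# Constructed sample values; these are not real CCA control vectors or keys.
KEK = bytes.fromhex("0123456789abcdef")
CV_TYPE_A = bytes.fromhex("0000110000000000")
CV_TYPE_B = bytes.fromhex("0000220000000000")
WORKING_KEY = bytes.fromhex("1133557799bbddff")

def demo():
    token = wrap(KEK, CV_TYPE_A, WORKING_KEY)
    honest = unwrap(KEK, token)
    # Editing the CV in the token changes the variant key, so the
    # recovered value is no longer the original working key.
    relabelled = unwrap(KEK, {**token, "cv": CV_TYPE_B})
    return honest, relabelled

if __name__ == "__main__":
    honest, relabelled = demo()
    print("unchanged CV :", honest.hex())
    print("edited CV    :", relabelled.hex())
```

Because the control vector is non-secret, nothing stops someone from editing it in a token; the protection is that the edited token no longer decrypts to the original key.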
Although the CCA architecture permits several advanced techniques, the product
implementations described in this book use the same control-vector value for the
second half of a double-length key as for the first half, except for the reversal of
two bits. Therefore, this discussion of control-vector values focuses on a 64-bit
vector with the understanding that, for a double-length key, the control-vector value
associated with each key half is essentially the same.
Bits 8 to 14, and sometimes bits 18 to 22, of a control vector define the key as
belonging to one of several general classes of keys as shown in Figure C-1.
Footnote 1: In this appendix, control vector means DES control vector base unless noted otherwise.
Copyright IBM Corp. 1997, 2005